KU Portal

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Korea University portal/LMS helper that handles sensitive KU credentials, but its behavior matches its stated purpose and is user-directed.

Install only if you trust this skill and its ku-portal-mcp dependency with your KUPID username/password and academic data. Keep credentials.json chmod 600, avoid sharing the cache directory, delete credential/session files when uninstalling, and consider pinning the dependency for reproducible behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (5)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 89% confidence
Finding: The skill declares no explicit permissions while its documented behavior clearly requires shell execution, network access, reading credential files, and writing local files. This creates a transparency and consent problem: users and the hosting platform may grant broader effective access than is visible from the permission model, increasing the chance of unsafe execution and unnoticed data exposure.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 83% confidence
Finding: The description says the skill is for KU KUPID portal queries, but the documented behavior also includes third-party menu retrieval from koreapas.com and writing an ICS file into the user's Downloads directory. That mismatch is dangerous because users may trust the skill for portal-only read operations while it also performs external network access and local file creation outside the stated scope.

Missing User Warnings

Medium

Confidence: 83% confidence
Finding: The code loads KUPID credentials from a local JSON file and exports them into process environment variables, then uses them for authenticated portal and LMS access without any consent prompt, minimization, or warning about where those credentials are sent. This increases the risk of accidental credential exposure to subprocesses, logs, crash reports, or unexpected third-party library behavior, especially because the same credentials are reused across multiple networked functions.

Credential Access

High

Category: Privilege Escalation
Content: requires: bins: ["python3"] config: - "~/.config/ku-portal/credentials.json" - "~/.cache/ku-portal-mcp/session.json" - "~/.cache/ku-portal-mcp/lms_session.json" - "~/.cache/ku-portal-mcp/server.log"
Confidence: 93% confidence
Finding: credentials.json

Credential Access

High

Category: Privilege Escalation
Content: 이 스킬은 로그인/캐시/내보내기 기능 때문에 아래 경로를 사용합니다. - 읽기: `~/.config/ku-portal/credentials.json` — KUPID 자격 증명 - 쓰기/읽기: `~/.cache/ku-portal-mcp/session.json` — 포털 세션 캐시 - 쓰기/읽기: `~/.cache/ku-portal-mcp/lms_session.json` — LMS 세션 캐시 - 쓰기: `~/.cache/ku-portal-mcp/server.log` — MCP 서버 로그
Confidence: 95% confidence
Finding: credentials.json

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal